SIMATIC Safety - Getting Started
Getting Started
08/2011
A5E02714463-01

1 Introduction to example
2 Configuring
3 Programming
A Setting up access protection
B Modifying the safety program
C Typical configuring and programming errors and their causes

Legal information

Warning notice system
This manual contains notices you have to observe in order to ensure your personal safety, as well as to prevent damage to property. The notices referring to your personal safety are highlighted in the manual by a safety alert symbol, notices referring only to property damage have no safety alert symbol. These notices shown below are graded according to the degree of danger.

DANGER
indicates that death or severe personal injury will result if proper precautions are not taken.

WARNING
indicates that death or severe personal injury may result if proper precautions are not taken.

CAUTION
with a safety alert symbol, indicates that minor personal injury can result if proper precautions are not taken.

CAUTION
without a safety alert symbol, indicates that property damage can result if proper precautions are not taken.

NOTICE
indicates that an unintended result or situation can occur if the relevant information is not taken into account.

If more than one degree of danger is present, the warning notice representing the highest degree of danger will be used. A notice warning of injury to persons with a safety alert symbol may also include a warning relating to property damage.

Qualified Personnel
The product/system described in this documentation may be operated only by personnel qualified for the specific task in accordance with the relevant documentation, in particular its warning notices and safety instructions.
Qualified personnel are those who, based on their training and experience, are capable of identifying risks and avoiding potential hazards when working with these products/systems.

Proper use of Siemens products
Note the following:

WARNING
Siemens products may only be used for the applications described in the catalog and in the relevant technical documentation. If products and components from other manufacturers are used, these must be recommended or approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation and maintenance are required to ensure that the products operate safely and without any problems. The permissible ambient conditions must be complied with. The information in the relevant documentation must be observed.

Trademarks
All names identified by (R) are registered trademarks of Siemens AG. The remaining trademarks in this publication may be trademarks whose use by third parties for their own purposes could violate the rights of the owner.

Disclaimer of Liability
We have reviewed the contents of this publication to ensure consistency with the hardware and software described. Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, the information in this publication is reviewed regularly and any necessary corrections are included in subsequent editions.

Siemens AG, Industry Sector, Postfach 48 48, 90026 NURNBERG, GERMANY
A5E02714463-01, 08/2011
Copyright (c) Siemens AG 2011. Technical data subject to change

Table of contents

1 Introduction to example
  1.1 Requirements for configuring and programming
  1.2 Example Structure and Task Definition
  1.3 Procedure
2 Configuring
  2.1 Introduction
  2.2 Step 1: Configuring the CPU 315F-2 PN/DP
  2.3 Step 2: Configuring an ET 200S distributed I/O system on a PROFINET subnet
  2.4 Step 3: Configuring an F-DI module for connecting an emergency stop switch, position switches, and the laser scanner
  2.5 Step 4: Configuring an F-DO module for connecting a motor
  2.6 Step 5: Configuring a standard DI module for user acknowledgement, feedback circuit, and start pushbutton
  2.7 Summary: Configuring the Hardware
3 Programming
  3.1 Introduction
  3.2 Step 6: Specifying the centralized settings for the safety program
  3.3 Step 7: Creating an F-FB
  3.4 Step 8: Programming the safety door function
  3.5 Step 9: Programming the emergency stop function
  3.6 Step 10: Programming the feedback monitoring
  3.7 Step 11: Programming the user acknowledgment for reintegration of the F-I/O
  3.8 Step 12: Programming of the main safety block
  3.9 Step 13: Compiling the safety program
  3.10 Step 14: Assigning device names
  3.11 Step 15: Downloading the complete safety program to the F-CPU and activating safety mode
A Setting up access protection
B Modifying the safety program
C Typical configuring and programming errors and their causes

1 Introduction to example

1.1 Requirements for configuring and programming

Introduction
These instructions will guide you step-by-step through a specific example for configuring and programming with STEP 7 Safety Advanced V11. You will become acquainted with the basic functions and special features of STEP 7 Safety Advanced V11. It should take one or two hours to work through this example, depending on your experience.

Requirements for the example
The following requirements must be met:

Adobe Reader Version 9 or higher is required for the multi-media content.

In order to understand these Getting Started instructions, you need general knowledge of automation technology. You also need to be familiar with STEP 7 Professional V11.

You need an S7-300 station consisting of:
- Power supply (PS) with 2 A
- CPU 315F-2 PN/DP with inserted SIMATIC Micro Memory Card
- ET 200S distributed I/O system with:
- Interface module IM 151-3 PN HIGH FEATURE
- Power module PM-E DC24V
- Terminal modules, e.g., TM-E30S44-01, TM-E30C44-01
- ET 200S fail-safe digital input module 4/8 F-DI DC24V
- ET 200S fail-safe digital output module 4 F-DO DC24V/2A
- Digital electronic module 4DI DC24V ST
- Termination module
- Laser scanner

The following software packages must be correctly installed on your programming device or PC with Ethernet interface:
- STEP 7 Professional V11
- STEP 7 Safety Advanced V11

If you do not have any hardware components available, you can also use the optional package S7-PLCSIM (hardware simulation program) V5.4 SP4 or higher. This optional package will enable you to simulate the hardware components as described in these Getting Started instructions.

The programming device or PC must be connected to the F-CPU via the PROFINET interface.

The hardware must be fully installed and wired. Instructions for this can be found in the ET 200S Distributed I/O System; Fail-Safe Modules (http://support.automation.siemens.com/WW/view/en/34474892) manual. The installation and wiring of the CPU 315F-2 DP/PN is described in the S7-300 Automation System, Getting Started Collection (http://support.automation.siemens.com/WW/view/en/49368678/134200) manual.

WARNING
As a component in plants and systems, the S7-300 is subject to specific standards and regulations depending on the area of application. Please note the applicable safety and accident prevention regulations, e.g., IEC 60204-1 (General Requirements for Safety of Machinery).
The example in these Getting Started instructions serves as an introduction to configuring and programming of STEP 7 Safety Advanced V11. It does not lead to actual live operation in every case. Before you do this, it is essential that you refer to the current version of the "SIMATIC Safety - Configuring and Programming (http://support.automation.siemens.com/WW/view/en/49368678)" manual. The warnings and other notes contained in that manual must be heeded at all times even if they are not repeated in this document!
Serious injury and damage to machines and equipment may result if these regulations are ignored.

1.2 Example Structure and Task Definition

Production cell with access protection

[Figure: production cell with access protection. Labelled elements: emergency stop, laser scanner, safety door, control panel with start and acknowledgement pushbuttons.]

The entry to the production area is monitored with a laser scanner. The service area is secured by a safety door. Entering the production area or opening the safety door results in a stop or shutdown of the production cell similar to an emergency stop.
The system can only be started when the emergency stop is cancelled, the safety door is closed, and the laser scanner detects no one in the protected area. On-site user acknowledgment is required to restart production after the emergency stop has been activated or the safety door has been opened.

1.3 Procedure

The example in these Getting Started instructions consists of the following chapters:

Configuring
You configure:
- An ET 200S fail-safe digital input module for connecting an emergency stop switch, the position switches for monitoring a safety door, and the laser scanner for monitoring the entry area.
- An ET 200S fail-safe digital output module for connecting a motor.
- An ET 200S standard electronic module for user acknowledgment, feedback loop, and start pushbutton.
The configuration is described in the "Configuring" chapter.

Programming
Once the configuration is successfully completed, you can program your safety program. In our example, a fail-safe block is programmed with an emergency stop, a safety door function, a feedback loop (as restart protection when there is an incorrect load), and a user acknowledgment for reintegration. The block is then compiled to form a safety program.
The programming is described in the "Programming" chapter.

Installation on PROFINET IO

[Figure: installation on PROFINET IO. Labels: CPU 315F-2 PN/DP, ET 200S, PROFINET IO.]

Wiring overview for ET 200S
This interactive graphic gives you the opportunity to become familiar with how the example functions in this Getting Started. To do so, move your cursor over the operator control elements.

[Figure: wiring overview for ET 200S. Labels: IM151-3 PN HIGH FEATURE, PM-E DC24V, F-DI, F-DO, DI, AUX, user acknowledgement, emergency stop, feedback loop, laser scanner, safety door contacts, load.]

2 Configuring

2.1 Introduction

Introduction

WARNING
You may come into contact with live electrical wires connected to the mains power supply. Only wire the S7-300 and ET 200S when they are disconnected from the mains power supply.

The installation and wiring of the CPU 315F-2 PN/DP is described in S7-300 Automation System, Getting Started Collection (http://support.automation.siemens.com/WW/view/en/49368678/134200).

Configuring the Hardware
In STEP 7 Professional you configure:
- A CPU 315F-2 PN/DP
- An ET 200S distributed I/O system consisting of:
  - An interface module IM151-3 PN HIGH FEATURE
  - An ET 200S fail-safe digital input module for connecting an emergency stop switch and position switches for monitoring a safety door and the laser scanner
  - An ET 200S fail-safe digital output module for connecting a motor
  - An ET 200S standard digital electronic module for user acknowledgment, feedback loop, and start pushbutton

2.2 Step 1: Configuring the CPU 315F-2 PN/DP

Introduction
In this step, you create a new project, add an F-CPU, and assign parameters for it.

Procedure
1. In the portal view of STEP 7 Professional V11, create a new project named "S7_Safety_V11_GS".
2. Use "Add new device" to add a CPU 315F-2 PN/DP.
   Result: The device view containing the CPU 315F-2 PN/DP opens.
3. Change to the "F-parameter" area. Here, you can change the following parameters or accept the default setting:
   - "Basis for PROFIsafe addresses"
   - "Default F-monitoring time for F-I/O of this interface"
4. Leave the default values unchanged for this example.

Result
The new project has been created and the F-CPU has been configured.

2.3 Step 2: Configuring an ET 200S distributed I/O system on a PROFINET subnet

Introduction
In this step, you configure the interface module for the ET 200S distributed I/O system and a PROFINET subnet.

Procedure
1. In the project view, click the "Network view" tab.
2. In the hardware catalog, enter "IM151-3 PN HF" in the search field, and start the search.
3. Drag the module with order number 6ES7151-3BA23-0AB0 from the search results to the graphical area of the network view.
4. While holding the mouse button down, drag a line from the PROFINET interface of the IM151-3 PN HIGH FEATURE to the green PROFINET interface of the F-CPU to create a PROFINET connection.
   Result: A PROFINET subnet between the F-CPU and the IM151-3 PN HIGH FEATURE is created automatically.
5. In the graphics work area of the network view, double-click the IM151-3 PN HIGH FEATURE.
   Result: The IM151-3 PN HIGH FEATURE is opened in the device view.
6. Use drag-and-drop to add a PM-E DC24V power module from the hardware catalog to slot 1.

Result
The configuration of the interface module for the ET 200S distributed I/O system and the PROFINET subnet is now complete.

2.4 Step 3: Configuring an F-DI module for connecting an emergency stop switch, position switches, and the laser scanner

Introduction
In this step, you configure an F-DI module for connecting an emergency stop switch, the position switches for monitoring a safety door, and the laser scanner for monitoring the entry area.

Procedure
1. In the device view of the ET 200S, use drag-and-drop to add a 4/8 F-DI DC24V PROFIsafe digital electronic module from the hardware catalog to slot 2.
2. Choose the "I/O addresses" area. Leave the default addresses unchanged at "0" for this example.
3. Change to the "F-parameter" area. Here, you can change the following parameters or apply the default settings:
   - "F-destination address"
   - "F-monitoring time"
   - "Behavior after channel faults"
   - "F-I/O DB-name"

   The PROFIsafe addresses must be unique network-wide and station-wide. The addresses are assigned automatically to prevent parameter assignment errors.

   Note
   The PROFIsafe destination address must be set via a DIP switch on the F-module.

   A valid current safety message frame must be received from the F-CPU within the F-monitoring time. Otherwise, the F-module goes to safe state. The F-monitoring time must be set high enough that message frame delays are tolerated and, at the same time, low enough that the process can react as quickly as possible when a fault occurs and run without impairment. The Excel file for calculating response times serves as an aid in calculating this time. You can find this file on the Internet (http://support.automation.siemens.com/WW/view/en/49368678/133100).

   By default, the F-monitoring time is taken from the "Default F-monitoring time for F-I/O of this interface" parameter of the F-CPU.

   Leave the settings unchanged for the F-parameters for this example.
4. Switch to the "DI parameter" area. Deactivate the "Short-circuit test" parameter.
5. In this example, a two-channel emergency stop switch (emergency stop) will be connected to channels 0 and 4. Enter the settings as shown in the following figure:
6. In this example, the position switches for monitoring a two-channel safety door will be connected to channels 1 and 5. Make the settings as shown in the following figure:
7. In this example, the laser scanner for monitoring the accessible entry area will be connected to channels 2 and 6. Make the settings as shown in the following figure:
8. Disable the unused DI channels 3 and 7 by clearing the "Activated" check box.

Result
The configuration of the F-input module is now complete.

2.5 Step 4: Configuring an F-DO module for connecting a motor

Introduction
In this step, you configure an F-DO module for indirect connection of a motor to channel 0 via 2 contactors.

Procedure
1. In the device view of the ET 200S, use drag-and-drop to add a 4 F-DO DC24V/2A PROFIsafe digital electronic module from the hardware catalog to slot 3.
2. Select the "Input/output addresses" tab. Leave the default addresses unchanged at "6" for this example.
3. Change to the "F-parameter" area. Here, you can change the following parameters or accept the default settings:
   - "F-destination address"
   - "F-monitoring time"

   Leave the settings unchanged for the F-parameters for this example.

   Note
   The PROFIsafe destination address must be set via a DIP switch on the F-module.
4. Change to the "DO parameter" area. Here, you can change channel-specific parameters or apply the default settings. Enter the settings for the example as shown in the following figure:
5. Disable the unused DO channels 1, 2, and 3 by clearing the "Activated" check box.

Result
The configuration of the F-output module is now complete.

2.6 Step 5: Configuring a standard DI module for user acknowledgement, feedback circuit, and start pushbutton

Introduction
In this step, you assign parameters of a standard 4DI module for the non-fail-safe signals (user acknowledgement, feedback loop, and start pushbutton).

Procedure
1. Use drag-and-drop to add a 4DI DC24V ST digital electronic module from the hardware catalog to slot 4.
2. Assign the input address of the standard DI module to "11" for this example.

Result
The configuration of the electronic module 4DI DC24V ST is now complete.

2.7 Summary: Configuring the Hardware

Summary
So far, you have configured the following according to the task definition for the example:
- The CPU 315F-2 PN/DP
- ET 200S distributed I/O system with:
  - Interface module IM151-3 PN HIGH FEATURE
  - ET 200S fail-safe digital input module for connecting an emergency stop switch, position switches for monitoring a safety door, and the laser scanner for monitoring the accessible production area.
    - Start addresses of the output and input data areas: both 0
    - Channels 0 and 4 for emergency stop
    - Channels 1 and 5 for safety door position switches
    - Channels 2 and 6 for the laser scanner
  - An ET 200S fail-safe digital output module for connecting a motor
    - Start addresses of the output and input data areas: both 6
    - Channel 0 for indirect switching of a motor via 2 contactors
  - An ET 200S standard digital electronic module for user acknowledgment, feedback loop, and start pushbutton
    - Start address: 11

You can now continue with programming the safety program.

3 Programming

3.1 Introduction

Introduction
In this example, a fail-safe block (F-FB) will be programmed with a safety door function, an emergency stop function (safety circuit for switch-off in case of emergency stop, open safety door, or someone entering the protected area monitored by the laser scanner), a feedback circuit (as protection against reclosing in case of faulty load), and a user acknowledgement for reintegration. The programmed F-FB will then be compiled to form a safety program and downloaded to the F-CPU.

F-I/O data blocks
During compilation, an F-I/O DB is automatically generated for each F-I/O, and a name is entered for it in the block interface at the same time. The F-I/O DBs generated for the example I/O are located in the "Program blocks" folder.

The name of the F-I/O DB is formed from the fixed prefix "F", the start address of the F-I/O, the names entered in the properties for the F-I/O in the hardware and network editor, and the DB number.

Symbolic names in this example:
- "F00000_4/8 F DI DC24V [DB512]": Fail-safe digital input module 4/8 F-DI DC24V PROFIsafe
- "F00006_4 F DO DC24V 2A [DB513]": Fail-safe digital output module 4 F-DO DC24V/2A PROFIsafe

You can access the tags of the F-I/O DB with a fully qualified DB access (that is, by specifying the name of the F-I/O DB and by specifying the name of the tag).

F-shared DB
The F-shared DB (F_GLOBDB) is a fail-safe data block that is automatically inserted when the F-CPU is inserted and contains all of the shared data of the safety program and additional information needed by the F-system.

Programming
You can program the safety program in LAD and FBD.
In so doing, the instructions, data types, and operand areas you can use are subject to certain restrictions (see the "Overview of programming" chapter of the "SIMATIC Safety, Configuring and Programming (http://support.automation.siemens.com/WW/view/en/49368678)" manual).

The FBD programming language is used in this example.

Note
Preconnection of enable input EN or evaluation of enable output ENO is not possible.
If you require the Boolean constants "0" and "1" in your safety program to assign parameters during block calls, you can access the "VKE0" and "VKE1" tags in the F-shared DB using a fully qualified DB access ("F_GLOBDB".VKE0 or "F_GLOBDB".VKE1).

Note
Fail-safe signals are shown in yellow in the LAD/FBD Editor.

Note
Note the rules for the program structure in the "Specify F-runtime groups" chapter of the "SIMATIC Safety - Configuring and Programming (http://support.automation.siemens.com/WW/view/en/49368678)" manual.

3.2 Step 6: Specifying the centralized settings for the safety program

Introduction
The first step in programming of the safety program is the main safety block. The main safety block is an F-FC or F-FB (with instance DB), that when called from a standard block (recommendation: cyclic interrupt OB 35) becomes the main safety block. When this block is compiled, additional instructions are added that call the remaining F-blocks of the safety program.

You must assign the main safety block to an F-runtime group in order for it to be identified as such. When the F-CPU is inserted, an F-runtime group and the associated main safety block were created by default and assigned to the F-runtime group.

The cyclic interrupt OB (CYC_INT5 [OB35]) calls the main safety block (Main_Safety [FB1]) by default. The F-blocks created by the user are called from the main safety block.
You can change the calling block and the called block at any time.

After the safety program is executed, the standard user program will resume.

Opening the Safety Administration Editor
1. In the project tree of the F-CPU, double-click on "Safety Administration".
   Result: The Safety Administration Editor opens. You make central settings for the safety program in the Safety Administration Editor.
2. In the area navigation of the Safety Administration Editor, switch to "F-runtime group". The F-runtime group created automatically when the F-CPU was created and the associated main safety block are displayed. Leave the preset blocks for this example.

For additional information on the Safety Administration Editor, refer to the "SIMATIC Safety Configuring and Programming (http://support.automation.siemens.com/WW/view/en/49368678)" manual.

Numbering ranges of F-system blocks
When the safety program is compiled, F-blocks are automatically added in order to generate an executable safety program. By default, the system automatically manages the numbering range, which is displayed in the Safety Administration Editor under "Settings". Keep the preassigned settings for this example.

Specifying inputs and outputs for the safety program
After configuring the hardware as described in Steps 1 to 5, the following fail-safe I/O DBs are available for programming the example:

| Configured hardware | Start address | Symbolic name |
|---|---|---|
| Fail-safe digital input module 4/8 F-DI DC24V PROFIsafe | 0 | F00000_4/8 F DI DC24V [DB512] |
| Fail-safe digital output module 4 F-DO DC24V/2A PROFIsafe | 6 | F00006_4 F DO DC24V 2A [DB513] |

Assign the following symbolic names for the fail-safe inputs and outputs:

| Inputs and outputs in the safety program | Symbolic name |
|---|---|
| I0.0 for emergency stop | ESTOP |
| I0.1 for safety door position switch | Safety_Door_SW1 |
| I0.5 for safety door position switch | Safety_Door_SW2 |
| I0.2 for laser scanner | Laserscanner |
| Q6.0 for motor starter | Motor |
| I11.0 for acknowledgment | Quit |
| I11.1 for feedback loop | Feedback |
| I11.2 for start pushbutton | START |
| M10.0 for operational switching | Standard_Program_On_Off |

3.3 Step 7: Creating an F-FB

Introduction
In this step, you create an F-FB in which you program the safety functions for this example in the next steps.

Procedure
1. Insert an F-FB. Go to the "Program blocks" folder of the F-CPU and double-click "Add new block". The "Add new block" dialog opens.
2. Under "Name" enter "Safety_Interlock" for the name of the F-FB.
3. Click the "Function block" button on the left.
4. Under "Number" choose the "Manual" option, and enter 100.
5. Choose "FBD" as the language for the F-FB.
6. Close the dialog box with "OK".

Result
The F-FB "Safety_Interlock" is created in the "Program blocks" folder and opens automatically in the LAD/FBD Editor. You can now continue with programming the safety functions in the next step.

3.4 Step 8: Programming the safety door function

Introduction
In this step, you program the safety door function for this example.

Procedure
1. Create the following static tag of data type BOOL in the interface of the "Safety_Interlock" F-FB:
   - "EN_Safety_Door" (Enable safety door)
2. Insert the "SFDOOR" instruction from the "Safety functions" subfolder of the "Instructions" task card.
3. Click "OK" to confirm the "Call options" dialog.
4. Initialize the inputs and outputs with parameters as described in the table below.

Result
The programming of the safety door function is now complete.

Parameter assignment of the "SFDOOR" instruction

| Inputs/outputs | Parameter | Data type | Description | Default |
|---|---|---|---|---|
| "Safety_Door_SW1" | IN1 | BOOL | Input 1 | FALSE |
| "Safety_Door_SW2" | IN2 | BOOL | Input 2 | FALSE |
| "F00006_4/8 F-DI DC24V_1".QBAD_I_01 | QBAD_IN1 | BOOL | QBAD signal from F-I/O DB of input IN1 * | FALSE |
| "F00006_4/8 F-DI DC24V_1".QBAD_I_05 | QBAD_IN2 | BOOL | QBAD signal from F-I/O DB of input IN2 * | FALSE |
| TRUE | OPEN_NEC | BOOL | TRUE = Opening required on startup | TRUE |
| TRUE | ACK_NEC | BOOL | TRUE = Acknowledgment required | TRUE |
| "Quit" | ACK | BOOL | User acknowledgement (via pushbutton) | FALSE |
| #EN_Safety_Door | Q | BOOL | Output (Enable safety door) | FALSE |
| -- | ACK_REQ | BOOL | Acknowledgement prompt | FALSE |
| -- | DIAG | BYTE | Service information | B#16#0 |

* The two inputs QBAD_IN1 and QBAD_IN2 must be interconnected. In this example, both are interconnected with the QBAD signal of the F-I/O DB of the 4/8 F-DI to which the safety door position switches are connected.

3.5 Step 9: Programming the emergency stop function

Introduction
In this step, you program the emergency stop function for this example.

Procedure
1. Create the following static tag of data type BOOL in the interface of the "Safety_Interlock" F-FB:
   - "EN_Safety" (Enable safety circuit).
2. Insert a new network.
3. Insert the "AND logic operation" instruction from the "Bit logic operations" subfolder of the "Instructions" task card.
4. Insert a third input to the "AND logic operation" instruction and initialize the inputs of the instruction with parameters as described in the table below.
5. Insert the "ESTOP1" instruction from the "Safety functions" subfolder of the "Instructions" task card.
6. Click "OK" to confirm the "Call options" dialog.
7. Initialize the inputs and outputs of the instruction with parameters as described in the table below.
8. Connect the output of the "AND logic operation" instruction to the "ON" input of the "ESTOP1" instruction.

Result
The programming of the emergency stop function (shutdown in case of emergency stop, open safety door, or someone entering the protected area monitored by the laser scanner) is now complete.
Parameter assignment of the "AND logic operation" instruction

| Inputs | Parameter | Data type | Description | Default |
|---|---|---|---|---|
| "ESTOP" | Input 1 | BOOL | Emergency STOP | FALSE |
| #EN_Safety_Door | Input 2 | BOOL | Enable safety door | FALSE |
| "Laserscanner" | Input 3 | BOOL | Laser scanner | FALSE |

Parameter assignment of the "ESTOP1" instruction

| Inputs/outputs | Parameter | Data type | Description | Default |
|---|---|---|---|---|
| TRUE | ACK_NEC | BOOL | TRUE = Acknowledgment required | TRUE |
| "Quit" | ACK | BOOL | User acknowledgement (via pushbutton) | FALSE |
| T#0MS | TIME_DEL | TIME | Time delay | T#0MS |
| #EN_Safety | Q | BOOL | Enable safety circuit | FALSE |
| -- | Q_DELAY | BOOL | Enable is OFF delayed | FALSE |
| -- | ACK_REQ | BOOL | Acknowledgement prompt | FALSE |
| -- | DIAG | BYTE | Service information | B#16#0 |

3.6 Step 10: Programming the feedback monitoring

Introduction

In this step, you program the feedback circuit monitoring for this example.

Procedure

1. Insert a new network.
2. Insert the "AND logic operation" instruction from the "Bit logic operations" subfolder of the "Instructions" task card.
3. Initialize the inputs of the instruction with parameters as described in the table below.
4. Insert the "FDBACK" instruction from the "Safety functions" subfolder of the "Instructions" task card.
5. Click "OK" to confirm the "Call options" dialog.
6. Initialize the inputs and outputs of the instruction with parameters as described in the table below.
7. Connect the output of the "AND logic operation" instruction to the "ON" input of the "FDBACK" instruction.

Result

The programming of the feedback monitoring is now complete.
Parameter assignment of the "AND logic operation" instruction

| Inputs | Parameter | Data type | Description | Default |
|---|---|---|---|---|
| "Standard_Program_On_Off" | Input 1 | BOOL | TRUE = Switch on output | FALSE |
| #EN_Safety | Input 2 | BOOL | Enable safety circuit | FALSE |

Parameter assignment of the "FDBACK" instruction

| Inputs/outputs | Parameter | Data type | Description | Default |
|---|---|---|---|---|
| "Feedback" | FEEDBACK | BOOL | Readback input | FALSE |
| "F00006_4 F-Do DC24V_1".QBAD | QBAD_FIO | BOOL | QBAD signal from F-I/O DB of output Q * | FALSE |
| TRUE | ACK_NEC | BOOL | TRUE = Acknowledgment required | TRUE |
| "Quit" | ACK | BOOL | User acknowledgement (via pushbutton) | FALSE |
| T#500MS | FDB_TIME | TIME | Readback time | T#0MS |
| "Motor" | Q | BOOL | Output | FALSE |
| -- | ERROR | BOOL | Readback error | FALSE |
| -- | ACK_REQ | BOOL | Acknowledgement prompt | FALSE |
| -- | DIAG | BYTE | Service information | B#16#0 |

* In this example, this is the QBAD signal from the F-I/O DB of the F-DO to which the load (the contactors) is connected.

3.7 Step 11: Programming the user acknowledgment for reintegration of the F-I/O

Introduction

In this step, you program the user acknowledgement for reintegration of the F-I/O for this example.

Procedure

In your safety program, you must provide a user acknowledgment for the reintegration of the F-I/O. So that acknowledgment is still possible when the F-I/O is passivated, the acknowledgement pushbutton is evaluated using a standard input. In this example, this is the "Quit" input. You can use the ACK_GL instruction to reintegrate all F-I/O of an F-runtime group.
Note

A user acknowledgment with a positive edge at the ACK_GL instruction is required for a reintegration of the F-I/O (i.e., for switching from fail-safe values (0) to process data) after a fault is corrected:
- After every communication error
- After F-I/O faults or channel faults when parameter ACK_NEC = 1

1. Insert a new network.
2. Insert the "ACK_GL" instruction from the "Safety functions" subfolder of the "Instructions" task card.
3. Click "OK" to confirm the "Call options" dialog.
4. Initialize the input with parameters as described in the table below.

Result

The programming of the user acknowledgment is now complete.

Parameter assignment of the "ACK_GL" instruction

| Input | Parameter | Data type | Description | Default |
|---|---|---|---|---|
| "Quit" | ACK_GLOB | BOOL | Acknowledgement for reintegration | FALSE |

3.8 Step 12: Programming of the main safety block

Introduction

In this step, you program the main safety block for this example.

Procedure

1. Double-click in the project navigation to open the main safety block "Main_Safety".
2. Use drag-and-drop to insert the F-FB "Safety_Interlock" in Network 1 of the main safety block.
3. Click "OK" to confirm the "Call options" dialog.

Result

The F-FB "Safety_Interlock" will now be called cyclically by the main safety block. You have now programmed the functionality according to the task definition of the example. You can now proceed with the next steps to compile the safety program, assign device names, and download the safety program along with the hardware configuration to the F-CPU.

3.9 Step 13: Compiling the safety program

Introduction

In this step, you compile the hardware configuration and the safety program.
A consistency check is performed on the execution-relevant F-blocks when the safety program is compiled, that is, the safety program is checked for errors. Any error messages are output in an error window. After a successful consistency check, the additionally required F-system blocks are generated automatically and added to the F-runtime group in order to generate an executable safety program.

Procedure

1. Select the F-CPU in the project tree.
2. In the shortcut menu for the F-CPU, select "Compile > All". The safety program is now compiled.

Result

If compilation is successful, the result is always a consistent and executable safety program comprising all F-blocks with F-attribute. You are notified of this with the message "Safety program is consistent".

3.10 Step 14: Assigning device names

Introduction

In this step, you assign the F-CPU and the interface module a PROFINET device name. The PROFINET device names are created automatically by STEP 7 Professional V11; you only have to assign them.

For additional information on PROFINET IO, refer to the "SIMATIC PROFINET System Description (http://support.automation.siemens.com/WW/view/en/49948856)". You can find additional information on configuring PROFINET IO in the online help for STEP 7 Professional V11 under "Configurations for PROFINET IO".

Procedure

1. Change to the Network view.
2. Connect the PG/PC to the Ethernet subnet via the PROFINET interface.
3. In the Network view, select the subnet and choose the "Assign device name" command in the shortcut menu.
4. In the "Assign PROFINET device name" dialog, select the appropriate PG/PC interface in order to connect to the Ethernet subnet.
5. All configured PROFINET device names are displayed for selection in the upper dropdown list. Select a PROFINET device name from this list and select the interface module that is to receive this device name in the table below. You can filter the devices displayed in the table according to different criteria.
6. You can use the "Flash LED" button to easily identify the device.
7. The F-CPU recognizes the interface module using its device name and automatically assigns the configured IP address to it.

Result

You have assigned the device names of the F-CPU and the IM151-3 PN HIGH FEATURE.

3.11 Step 15: Downloading the complete safety program to the F-CPU and activating safety mode

Introduction

In this step, you download the hardware configuration and the safety program to the F-CPU.

Procedure

1. Select the F-CPU in the project tree.
2. In the shortcut menu for the F-CPU, select "Download to device > All". If an online connection to the F-CPU does not yet exist, you will be prompted to establish this connection. The "Load preview" dialog is displayed.
3. Select "Consistent download" in the "Action" column in each case.

   Note
   If you are only downloading the F-blocks, the block in which the main safety block is called (cyclic interrupt OB 35 in this example) is not downloaded. You must then download this OB separately the same way as for a standard program.

   Note
   To download the entire safety program, the F-CPU must be in STOP mode.

4. Click the "Load" button. Result: The "Load results" dialog is displayed.
5. Click the "Finish" button.
6. In the Safety Administration Editor, check to see if the F-collective signatures of all F-blocks with F-attribute match online and offline. If so, the download operation was successful. If not, repeat the download operation.
7. To activate safety mode, switch the F-CPU from STOP to RUN mode. The Safety Administration Editor displays the current safety mode status in the "General" area under "Safety Mode Status".

Note
Once a safety program has been created, you must perform a full function test according to your automation task (see SIMATIC Safety Configuring and Programming (http://support.automation.siemens.com/WW/view/en/49368678) manual).

Result

You have now finished creating the safety program according to the task definition of the example. In the following appendices, we show you how easy it is to set up access protection for your safety program and the F-CPU. In addition, we show you how you can make changes to your safety program, download changes to the F-CPU, and assess the consistency of the safety program.

A Setting up access protection

Introduction

It is essential to provide access protection in production mode for the access to the SIMATIC Safety F-system. No access protection is initially necessary for test purposes, commissioning, etc.
That is, you can execute all offline and online actions without access protection, i.e., without password prompt.

For additional information, refer to the "Access protection" chapter in the SIMATIC Safety Configuring and Programming (http://support.automation.siemens.com/WW/view/en/49368678) manual.

Procedure

To set up access protection for productive operation, follow these steps:

1. In the area navigation of the Safety Administration Editor, switch to "Access protection".
2. Under "Offline safety program protection", click "Set up". Enter the password in the dialog that appears, and enter it again to confirm.
3. Under "Online F-CPU protection", click the "Go to "Protection" area of the F-CPU" link. Result: You switch to the device view of the F-CPU.
4. Under "Protection", choose the "Write protection for F-blocks" option. Under "Password for write/read access", enter a password. Then enter the password again to confirm.
5. Download the hardware configuration to the F-CPU.

Result

You can only make changes to the safety program offline if you enter the password from Step 2. You cannot overwrite the safety program in the F-CPU until you enter the password from Step 4.

As the next step, acceptance testing of the system may be necessary for productive operation. For additional information regarding acceptance testing, refer to the "System acceptance" chapter in the "SIMATIC Safety - Configuring and Programming (http://support.automation.siemens.com/WW/view/en/49368678)" manual.

B Modifying the safety program

Introduction

This appendix shows you how you can change the safety program and download changes to the F-CPU.

Procedure

1. Modify the example safety program so that no user acknowledgment is required for an OSSD (Output Signal Switching Device) signal from the laser scanner.
   To do this, program the emergency stop function as shown in the figure.

   Note
   Changes to the safety program during operation (in RUN mode) can only be made in deactivated safety mode. You make the changes to F-blocks offline in the usual way in STEP 7 Professional. F-blocks cannot be modified online. See also the "Compiling and commissioning safety program" chapter in the SIMATIC Safety - Configuring and Programming manual.

2. Save the F-FB.

   Note
   You have modified and saved an F-block of the safety program and therefore created an inconsistent safety program. That is, the collective signature of all F-blocks with F-attribute in the block container differs from the collective signature of the safety program.

   Note
   To download changes in the safety program in RUN mode, you must deactivate safety mode of the safety program. Safety mode remains deactivated until the F-CPU is next switched from STOP to RUN mode.

3. Check to see if "Current mode" in the "General" area of the Safety Administration Editor indicates "Safety mode activated". If so, click "Disable safety mode" and enter the password for the safety program. Result: Another prompt will appear containing the F-collective signature of the safety program in the F-CPU.
4. Confirm the prompt to deactivate safety mode with "OK". Result: Safety mode will be deactivated.

   WARNING
   Deactivation of safety mode is intended for test purposes, commissioning, etc. Whenever safety mode is deactivated, the safety of the system must be ensured by other organizational measures, such as monitored operation, manual safety shutdown, and access restrictions to certain areas.

5. Right-click the F-FB in the project tree, and choose "Download to device > Software" in the shortcut menu. Result: The F-FB is downloaded to the F-CPU.
6. Test the changes on the system or by using "Program status online". Once the test has been successfully completed, continue by compiling the safety program.
7. To apply the changes to the safety program and produce a consistent safety program, you must recompile the safety program. To do so, follow the procedure described in the "Step 13: Compiling the safety program" chapter. The collective signature of all F-blocks with F-attribute in the block container and the collective signature of the safety program match; that is, the safety program is consistent and ready for acceptance testing.
8. Right-click the F-CPU in the project tree, and choose "Download to device > Software" in the shortcut menu. All F-blocks with F-attribute belonging to the safety program are identified and downloaded to the F-CPU.
9. Check the "Status" under "Program signature" in the "General" area of the Safety Administration Editor. If the symbol is displayed, the online and offline programs are consistent. If consistent, the download operation was successful. If not, repeat the download operation. To activate safety mode, switch the F-CPU from STOP to RUN mode.

Note
After creating a safety program, you must carry out a complete function test in accordance with your automation task. For changes made to a safety program that has already undergone a complete function test, only the changes need to be tested. For additional information, refer to the "Testing safety program" chapter in the SIMATIC Safety - Configuring and Programming (http://support.automation.siemens.com/WW/view/en/49368678) manual.

Result

You have now finished adapting the safety program for the modified task.
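The function test called for above needs expected behaviour to compare against. As an added example (not part of the Siemens manual or its instruction library), this Python model steps the interlock from Steps 8 to 10, as programmed before the Appendix B change, through constructed input traces. The latch, acknowledge and readback rules, the 100 ms scan time, and the shortened tags QBAD_DI and QBAD_DO are assumptions.

```python
# Simplified scan-by-scan model of the "Safety_Interlock" F-FB (Steps 8 to 10).
# Added illustration: behaviour is assumed from the parameter descriptions.

class AckLatch:
    """Enable that drops on demand and returns only on a rising edge of ACK."""
    def __init__(self):
        self.q, self._ack_prev = False, False

    def step(self, ok, ack):
        rising, self._ack_prev = ack and not self._ack_prev, ack
        self.q = ok and (self.q or rising)
        return self.q

class Feedback:
    """Output follows ON unless the readback disagrees for longer than FDB_TIME."""
    def __init__(self, fdb_time_ms):
        self.fdb_time_ms, self.q, self.error = fdb_time_ms, False, False
        self._bad_ms, self._ack_prev = 0, False

    def step(self, on, feedback, qbad, ack, dt_ms):
        rising, self._ack_prev = ack and not self._ack_prev, ack
        # Assumed wiring: readback is TRUE while the contactors are dropped out,
        # so a healthy readback is the inverse of the output.
        self._bad_ms = self._bad_ms + dt_ms if feedback == self.q else 0
        if self._bad_ms > self.fdb_time_ms:
            self.error = True
        elif self.error and rising:
            self.error = False
        # Switching on additionally needs the readback to confirm "off" first.
        self.q = on and not self.error and not qbad and (self.q or feedback)
        return self.q

class SafetyInterlock:
    def __init__(self):
        self.door, self.estop = AckLatch(), AckLatch()   # ACK_NEC = TRUE on both
        self.fdback = Feedback(fdb_time_ms=500)          # FDB_TIME = T#500MS
        self.door_was_open = False                       # OPEN_NEC = TRUE

    def scan(self, i, dt_ms=100):
        sw1, sw2 = i["Safety_Door_SW1"], i["Safety_Door_SW2"]
        self.door_was_open |= not sw1 and not sw2
        door_ok = sw1 and sw2 and self.door_was_open and not i["QBAD_DI"]
        en_safety_door = self.door.step(door_ok, i["Quit"])
        en_safety = self.estop.step(
            i["ESTOP"] and en_safety_door and i["Laserscanner"], i["Quit"])
        return self.fdback.step(i["Standard_Program_On_Off"] and en_safety,
                                i["Feedback"], i["QBAD_DO"], i["Quit"], dt_ms)

def simulate(events, scans, welded=False):
    """Apply constructed changes {scan: {tag: value}}; return (Motor list, ERROR)."""
    i = {"Safety_Door_SW1": False, "Safety_Door_SW2": False, "QBAD_DI": False,
         "QBAD_DO": False, "ESTOP": True, "Laserscanner": True, "Quit": False,
         "Standard_Program_On_Off": True, "Feedback": True}
    fb, motor, out = SafetyInterlock(), False, []
    for n in range(scans):
        i.update(events.get(n, {}))
        # Ideal contactor reads back one scan later; a welded one never drops out.
        i["Feedback"] = not (motor or (welded and any(out)))
        motor = fb.scan(i)
        out.append(motor)
    return out, fb.fdback.error

# Constructed trace: close door, acknowledge, laser scanner trips, acknowledge.
TRACE = {1: {"Safety_Door_SW1": True, "Safety_Door_SW2": True}, 2: {"Quit": True},
         3: {"Quit": False}, 5: {"Laserscanner": False}, 6: {"Laserscanner": True},
         8: {"Quit": True}}

if __name__ == "__main__":
    print(simulate(TRACE, 10), simulate(TRACE, 14, welded=True))
```

With the welded-contactor flag set, the model keeps "Motor" off after the laser scanner trip and raises the readback error once the readback has disagreed for more than 500 ms.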
C Typical configuring and programming errors and their causes

Errors, causes and remedy measures

Type: Configuration error
Error: F-blocks cannot be downloaded to the F-CPU.
Possible causes:
- F-CPU parameter "F-activation" was not activated in the "Fail-safe operation" area.

Type: Configuration error
Error: SF LED on the F-module illuminates when the safety program is not loaded.
Possible causes:
- The PROFIsafe address set on the DIP switch does not match the hardware configuration.

Type: Configuration error
Error: SF-LED on the F-module illuminates and TIMEOUT error in the DIAG byte of the F-I/O DB
Possible causes:
- Monitoring time of the F-module max. cycle time of the F-runtime group.

Type: Configuration error
Error: SF-LED on the F-module illuminates and CRC error in the DIAG byte of the F-I/O DB
Possible causes:
- Loaded safety program is not consistent with the loaded hardware configuration.
- Safety program is inconsistent.
- PIQ/PII of the F-module is being overwritten by the standard user program.

Type: Configuration error
Error: SF-LED on the F-DI module illuminates and module signals a short circuit
Possible causes:
- Sensor connection does not match parameter assignment, for example:
  - Only one switching contact is connected to a channel with 1oo2 evaluation
  - A sensor with nonequivalent contacts is connected to a channel assigned as "two-channel equivalent."
  - Two switching contacts of a single-channel or two-channel nonequivalent sensor are supplied via VS1 and VS2

Type: Programming error
Error: F-PIQ/PII is not being updated.
Possible causes:
- The main safety block is not being called in the cyclic OB3x.
- F-module has been passivated. Evaluate the QBAD and DIAG byte parameters in the respective F-I/O DB.

Type: Programming error
Error: F-CPU goes to STOP due to data corruption in the safety program.
Possible causes:
- Main safety block is being called more than once in the cyclic program.
- Operands of F-DBs are being written to in the standard user program.
- Undeclared TEMP variables are being used in the safety program.
- Bit memory that is modified during processing of the main safety block, e.g., clock memory, is being read-accessed in the safety program.
- Overflow for arithmetic instructions is not checked.